WordPress Content Slider Block plugin <= 3.1.5 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content Slider Block versions = 3.1.5...

CVE-2024-9443

The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

WordPress plugin Pod 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Stars SMTP Mailer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress HT Builder – WordPress Theme Builder for Elementor plugin <= 1.3.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin HT Builder – WordPress Theme Builder for Elementor versions = 1.3.0...

WordPress Appointmind plugin <= 4.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Appointmind versions = 4.0.0...

WordPress Bigmart Elements plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Bigmart Elements versions = 1.0.3...

WordPress Easy Gallery plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Easy Gallery versions = 1.4...

WordPress plugin Download Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin Multi Step Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Marketing Automation by AZEXO versions = 1.27.80...

WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Signup Page versions = 1.0...

WordPress Scrollbar by webxapp plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin versions = 1.3.0...

WordPress BP Member Type Manager plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin BP Member Type Manager versions = 1.01...

PT-2024-33564 · Unknown · Brandon White Author Discussion

Name of the Vulnerable Software and Affected Versions: Brandon White Author Discussion versions 0.2.2 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command...

PT-2024-39924 · WordPress · Parallax Image

Name of the Vulnerable Software and Affected Versions: Parallax Image plugin for WordPress version 1.8 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dd-parallax shortcode, allowing authenticated...

WordPress Fonto – Custom Web Fonts Manager plugin <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Fonto versions = 1.2.1...

WordPress Akismet htaccess writer plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Akismet htaccess writer versions = 1.0.1...

WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Da Reactions versions = 5.1.5...

WordPress RS-Members plugin <= 1.0.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin RS-Members versions = 1.0.3...